Video Screencast Help

Change SEP virus Defination location

Created: 23 May 2012 • Updated: 08 Jan 2013 | 27 comments
Ashish-Sharma's picture
34 Agree
1 Disagree
+33 35 Votes
Login to vote

Hi Team,

If it is possible, We are able to Change SEP virus Definition default location.

HOPE THIS FEATURE IS AVAILABLE in the upcoming Releases!!!

Comments 27 CommentsJump to latest comment

venktesh's picture

yes i agree with ashish ,We can be able to reduse disk space issue.

0
Login to vote
sharmakhilesh's picture

It's better if we can change it in different Drive.

0
Login to vote
cus000's picture

I agree.

Should able to customize it for customer sake.

0
Login to vote
Mohan Babu's picture

If this idea implemented.

Around 30 % of call volume will be reduced because of the disk space issue.

Hope will get this fixed in next patch.....

Mohan Babu

moglie20@gmail.com

+91 9884382160

Your satisfaction is very important to us.If you find above information helpful or it has resolved your issue...please mark it accordingly :)

+1
Login to vote
Ambesh_444's picture

Hi Ashish,

I hope we will be able to reduce the disk space in next fixed patch.

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

+1
Login to vote
Ashish-Sharma's picture

Hi,

I have raised this IDEA last June but not received this feature SEP 12.1 RU2.

We are waiting for this IDEA.

Please Vote Up this IDEA so we will received this facillty Upcoming version

Thanks In Advance

Ashish Sharma

+3
Login to vote
rs_cert's picture

Yes, it will be benificially.

0
Login to vote
D_S's picture

We need it here too in order to boot up Citrix servers from a clean image and have them access latest definitions in, say, drive D: and not more-than-a-month-old definitions from the C: image.

0
Login to vote
Daniel996's picture

This would be a fantastsic feature for VDI, eg Citrix XenDesktop where you have a persistent D: drive for write cache, if we could use this for storing definitions rather than having to update to current definitions on every startup of a golden image. It would definitely put Symantec higher up the list when we evaluate VDI solutions for clients.

Regards

Dan

+1
Login to vote
John Santana's picture

Yes please, this is a good idea for the next release, hopefully SEP 12.1 RU3 can have this feature.

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

+1
Login to vote
Ashish-Sharma's picture

John,

We are waiting for this feature.

Thanks In Advance

Ashish Sharma

+1
Login to vote
John Santana's picture

Exactly yes, me too, sometimes when the server runs out of C: drive, I delete the older two SEP definitions directory out of three available.

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

0
Login to vote
oates-lee's picture

Just wondering if anyone has found the answer? to moving definitions from the system drive.

0
Login to vote
GAULE's picture

I am also wondering if this capability has been introduced. My problem is that I load a patch an my servers on a monthly basis which eats up space on a limited C drive. The main problem is the C drive on the servers was partioned much to small and loads of space on the D drive. Eventually the space on the C will run out. The only option then will be to reconfigure the partions. 

0
Login to vote
josh_symc's picture

The answer(s) are in the thread above :). It's not 'officially' in the product or best practices as yet. The reg settings do not survive on upgrade as noted. Check Elisha's post for 12.1, and the following post by PaulieD details how to as well relocate additional dirs used (and note how he used Sysinternals to track).

+1
Login to vote
Paulie-D's picture

Hi Josh -

I am saddened that Symantec decided to REMOVE my post from 2013 - the very post which you referenced in your feedback here:  https://www-secure.symantec.com/connect/ideas/change-sep-virus-defination-location

Why would they have done so?  I spent hours researching and perfecting the proposed solution - a solution which worked well, for the SEP version at that time.  I deployed the approach in a production environment and it worked flawlessly.  In fact, I got the premise for my idea from a related, albeit older post from Symantec's own Elisha Riedlinger - Principal Product Manager.

I continue to receive notifications from this forum / post, despite that my contribution was redacted.

In summary: I had a high degree of success in relocating Endpoint Protection’s Virus Definitions to an alternate (non-OS) drive.  Furthermore, I leveraged Microsoft’s / Sysinternals tool “Process Monitor” to confirm that both the Live Update staging / expansion process, in addition to the permanent residence, of Virus Defs only impacted the alternate drive.  While there was a minor increase in the system's C: (OS) drive, it appeared to be solely related to the growth of SEP’s internal ("Iron") database.

The core of my changes involved altering the following registry settings to reference my desired path for Virus Defs:

[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Common Client\PathExpansionMap]
"DEFINITIONSROOT"="V:\\SEP"
"SAVDEFDIR"="V:\\SEP\\Definitions\\VirusDefs"

[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Content]
"VirusDefs"="V:\\SEP\\Definitions\\VirusDefs"
0
Login to vote
ᗺrian's picture

Your posts are there now.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

0
Login to vote
benpaul4u's picture

Hi,

I was facing this issue since SAV10 2 years ago.

Moved the VirusDefs folder to say E Drive and used linkd utility to create symbolic link/junction point in Original C Drive location which points to new E Drive location.

So SAV/SEP still sees the definitions as if it is in C Drive's original location, whereas real data resides in E Drive.

We saved lot of upgrades and got rid of definition not uptodate issues in servers having less free space in  C Drive.

Hope this helps some of you....

+1
Login to vote
Chris Hays's picture

People prior to me short-changed the C: partition.  This really should be standard with server products.  I get it that one might be very reluctant to change the data storage drive on a windows desktop machine, but on a server, other issues are in play that require some flexibility.  This is one application that needs an exception.

You let us choose where the program files are, why not the definitions?

Chris

0
Login to vote
ᗺrian's picture

This is workaround until something permanent is in place:

How to use a new Drive/Partition to host the Symantec Endpoint Protection virus definition folder content directory without reinstalling

Although with 12.1.5 this really isn't needed since defs are now compressed.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

+1
Login to vote
John Santana's picture

thanks for sharing

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

0
Login to vote
Tony Sutton's picture

I also agree with this idea - this is a MUST HAVE feature.

Please make this available in the next release.

0
Login to vote
NetTeamBC's picture

This change request was suggested in 2012 and 3 years later no formal response , it would help a lot of companies out there , think Citrix Xenapp (Provisioning Services ) , and all VDI solutions out there , it is really an issue. We have problems with certain virus defs that "break"  some browsers (Internet Explorer) , when you spend a couple of hours logging the issue with Symantec the response you get is wait for the virus definitions to be updated and this problem will go away.

Now if you can connect the dots in a golden image scenario (VDI) you will face this issue everytime the OS is rebooted since C drive changes are not persistent. 

Symantec , pick up your game and implement this change

For all your SEP custmers out there this feature would stop us from having to work around your App in likely unsupported configurations to get things working 

+1
Login to vote
Paulie-D's picture

@NetTeamBC - I agree, despite that version 12.1.5 began to compress the VirusDefs thus consuming less disk space. Regardless of that fact, to not allow the system administrator to choose a different, local disk for staging and storing the Virus Defs is discouraging and counter-intuitive.

As anyone who has taken the time to research the VirDef updates process, it consumes a very large amount of disk space, during the decompression, staging and implementation process .. and returning (most of) the space thereafter.  Hence, the need for admins to choose a non-OS disk volume.

0
Login to vote
Paulie-D's picture

@NetTeamBC - I agree, despite that version 12.1.5 began to compress the VirusDefs thus consuming less disk space. Regardless of that fact, to not allow the system administrator to choose a different, local disk for staging and storing the Virus Defs is discouraging and counter-intuitive.

As anyone who has taken the time to research the VirDef updates process, it consumes a very large amount of disk space, during the decompression, staging and implementation process .. and returning (most of) the space thereafter.  Hence, the need for admins to choose a non-OS disk volume.

To that end, I added a reply to a Symantec Employee who actually quoted my 2013 submission of precisely how I accomplished this .. and asked why Symantec REMOVED my post sometime thereafter?!

0
Login to vote
josh_symc's picture

I did not remove you post Paulie-D , that was done by another...i dont have admin rights here. Sorry though.

We are over this summer and already begun via delta updates from public LU, moving the full size client to a new core definition technology that will reduce def size by 50%. It will be complete by late summer/early fall. It is already in use by Norton since ~2010 so not a new untested technology. It does have compression as part of the underlying technology change.

As well in RU6 there is a new reduced size client with a 100MB static size def, defs will be updated, the total size is 100MB. I believe above posts are referring to this as the compressed client? Not technically correct.

We are addressing the underlying issue rather than workarounds. Once you approach a couple GBs for the client, with >1Gb defs, you run into all sorts of issues. Symbolic links wont help that.

0
Login to vote
Chris Hays's picture

Since our pleas are falling largely on deaf ears, if you are desperate enough you might try what I did.  I used the light version of AOMEI Partition Assistant (Free!!) to resize my partitions on Windows Server 2003. It will do it in place and preserve the data.

http://www.disk-partition.com/partition-assistant-lite.html

Caveat Emptor!! Partition changes are always dangerous.  Never do them without a full and complete backup avvailable. I am not responsible for anything that goes wrong! 

Again if you are really desperate, it might be worth a try.

Chris

0
Login to vote